What is a DDoS Attack?

DDoS. It’s become a four-letter word that strikes fear in the hearts of business owners across the internet industry, and with good cause. Threats for DDoS attacks across the industry have been rising in terms of frequency, volume, and ease of access every year and, according to a statistical analysis by Calyptix, 2018 was no different. In fact, in 2018 the internet saw the largest quantity of DDoS attacks in a calendar year as well as the most massive volumetric attacks ever.

So what do you need to know about DDoS attacks and how can Liquid Web help? Let’s find out.

What is a DDoS Attack?

Why Would Someone Do That?

The easiest way to rationalize this type of situation is to remember that a DDoS Attack is malicious and illegal. With that in mind, we can equate this type of activity to any other criminal activity, like someone breaking into your car. Why would they do that? There are all types of reasons, but sometimes it’s better to focus on the situations where it happens and how to avoid or protect ourselves.

Subscribe to the Liquid Web weekly newsletter to have more security content like this sent straight to your inbox.

Good Point. So Where Do They Happen?

There are three types of sites who see the most DDoS activity: bidding sites, highly competitive business industry sites, and news or blog sites who report on controversial topics.

Bidding Sites:

Attackers will usually try to bid for an item with a relatively low bid then initiate an attack which renders the server unreachable. If there are no more bidders, they have a better chance of getting their item at the lower price. Sneaky.

Competitive Business Industries:

These seem to be sporadic and infrequent, but still prevalent enough to mention. There’s no proof as to whether high dollar sites are targeted more frequently or are just more highly publicized due to their revenue amounts, but it’s still something to consider, especially given the potential damages. Some sites can go down for an hour and lose hundreds or thousands. When larger sites lose time, it can be even more costly.

News and Blog Sites:

Controversial topics are groupings with a vast scope, but it still sparks the same situations. Sometimes someone thinks a subject shouldn’t be discussed or reported and will try and take the law into their own hands.

Again, it’s best not to try to rationalize an irrational situation. Just accept that this activity is illegal and move forward with defense and mitigation.

So How Do I Protect Myself?

Good! Moving forward. I like it!

As I mentioned, there are two basic forms of DDoS Attacks: Volumetric and Service-Level. Luckily Liquid Web has you covered on both.

Type of attack: Volumetric Attacks

The first and most common are Volumetric attacks. These can be thought of like a traffic jam. Imagine going to work and pulling onto the on-ramp only to see that the highway is filled with cars. You’re stuck at the on-ramp and can’t get access to the road.

In a volumetric attack, an attacker generates massive amounts of Junk Traffic and sends it to your servers. This nonsense traffic, often malformed packets and noise, fills up your server’s bandwidth and causes legitimate traffic from your customers to get stuck in a jam.

Unlike a traffic jam on a highway, however, traffic doesn’t just wait in line. Your clients will see the dreaded No Connection Error, or the load times will slow to the point of causing frustration, and your clients will just leave.

A great example of this was the somewhat recent Github website DDoS attack in February 2018 – which also happens to be the largest recorded DDoS attack to-date at 1.35Tbps. This specific attack, which some are calling Memcrached, used misconfigured Memcached servers to strengthen the attack. Luckily Akamai, one of the largest content delivery networks globally, was able to help Github survive the attack.

So How Can I Protect My Sites From These Types of Attacks?

Liquid Web’s first line of defense is an always-on solution that watches for this type of junk traffic, stopping it at the edge of our network, several layers before it even gets to your server. And the best part: basic protection is free!

Every server, service, and IP address on our network comes with the full protection from these types of attacks up to 2 Gbps, a threshold for the most common attacks. And, if you happen to notice larger types of attacks or think preparing for such an attack is prudent, we have two extra service layers covering up to 20 Gbps.

Type of Attack: Service-Level Attacks

The second and less common, but much more sophisticated type of DDoS Attack, is the Service-Level attack, often referred to as a SYN-flood, a SYN-attack, or a Layer 7 attack.

Service-Level attacks exploit the connection-request design of web servers and require the attacker to craft specific request packets, not simply junk traffic. These requests look like legitimate requests from legitimate clients, and so they slip through the standard DDoS protection layers. Once the request is made, your server responds with its own ACK packet, as it should. This response generates a connection, but the attacker never sends traffic across this connection. The connection simply remains open.

The problem is that servers have a limited number of active connection which can be occupied. Once this limit is reached, your site stops accepting new connections until the old ones are closed.
Despite the smaller size and often shorter duration, these attacks can still cause significant damage to an organization.

How Can I Protect My Business From These Attacks?

This is where Liquid Web’s second layer of protection comes in to play. Our Advanced DDoS Mitigation plan employs powerful hardware and software layers which are sophisticated enough to be able to inspect these SYN packets and decide which are legitimate and which ones are not.

Further, this process is not an always-on method which relies on automation. Our highly capable team of network administrators will be watching the traffic, analyzing it and tweaking the configurations to make sure the attack is handled appropriately so you can have peace of mind.

Great! But What Happens if the Attack is Significantly Larger?

Liquid Web has partnered with CloudFlare, a well-established giant of DDoS mitigation and protection, to include several offerings for off-site mitigation.

Also, since we’re a full partner, we can assist with the process, which is relatively simple and only requires a quick DNS change. The Most Helpful Humans in Hosting can walk you through each step to get you protected no matter the situation. We’re just a ticket or phone call away.

Get Started With DDoS Attack Prevention Today

About the Author

A self-professed pirate captain with two decades of leadership experience, Jerry has lead teams from 60+ cooks and chefs to 16 Networking engineers in his current role as Liquid Web's Head of Network Operations and Platform. When not working or sleeping, Jerry can usually be found eating and having a good conversation with good people.